Wendy's Faces Lawsuit For Unlawfully Collecting Employee Fingerprints

An anonymous reader quotes a report from ZDNet: A class-action lawsuit has been filed in Illinois against fast food restaurant chain Wendy's accusing the company of breaking state laws in regards to the way it stores and handles employee fingerprints. The complaint is centered around Wendy's practice of using biometric clocks that scan employees' fingerprints when they arrive at work, when they leave, and when they use the Point-Of-Sale and cash register systems.

Plaintiffs, represented by former Wendy's employees Martinique Owens and Amelia Garcia, claim that Wendy's breaks state law -- the Illinois Biometric Information Privacy Act (BIPA) -- because the company does not make employees aware of how it handles their data. More specifically, the lawsuit claims that Wendy's does not inform employees in writing of the specific purpose and length of time for which their fingerprints were being collected, stored, and used, as required by the BIPA, and nor does it obtain a written release from employees with explicit consent to obtain and handle the fingerprints in the first place. Wendy's also doesn't provide a publicly available retention schedule and guidelines for permanently destroying employees' fingerprints after they leave the company, plaintiffs said. [The plaintiffs also claim that Wendy's sends this data to a third-party without their consent.]

Paranoid BS

These locks don't store fingerprints, just a sensor hash. Useless for identification, works reasonably well with a limited amount of users.

Re:Paranoid BS

[Lothsahn]

A break in the chain IS possible. If someone gains access to the device, they could issue commands to retrieve the raw biometric data from the device and offload it. Most biometric sensors have API calls both to receive the template (hash) or the fingerprint image (raw data). If you get remote code execution on the device, employee fingerprints could be stolen by simply calling the API to retrieve the raw data.

Reversing the template to obtain the original fingerprint is simply not possible. That would be equivalent to saying "I have the md5 of a file, so if I find a weakness in md5, I can get the original file back!" To understand why this statement is untrue, let's talk about hashes and how they're broken.

A hash reduces a large data input to a small output, which can be used to verify that the input has not been altered (accidentally or maliciously). Except in extremely rare cases (small, known input sizes), hashing always causes such loss of data that the original file cannot be reconstructed.

A cryptographically secure hash adds one extra property. A cryptographically secure hash is engineered so it is difficult or "impossible" to create a different input that hashes to the same output. When hashes (like md5) are "broken", that means that we've devised a way to generate a series of inputs that resolves to the same hash--not that we can reconstruct the original input. In fact, once broken, we can generate a number of inputs that resolve to the same hash, and the original could be any one of them (or potentially another one we have not yet generated)!

Biometric templates are essentially non-cryptographic hashes. They are simply a measurement of the relative position and orientation between minutae (see here: http://www.uh.edu/engines/fing... for a description of what minutae are). Because they are not cryptographic, if you have a fingerprint template, it is absolutely possible to reconstruct a fingerprint that will match and score well against the template--that is, you could generate a spoof that would be accepted in the fingerprint reader. However, it would NOT be possible to reconstruct the original fingerprint, as too much data has been lost to reconstruct the original fingerprint.

I agree with the privacy concerns of biometric devices. It takes only one hack on such a device for your unchangeable biometric data to be stolen, forever. But if you need a person's fingerprint, the attack vectors aren't on the template data, they're on the device to obtain the raw image. Alternatively, if you had a fingerprint and a large data of stolen templates, you could likely identify a single or small set of individuals that had the fingerprint.

Note: I work on the industry on biometric devices, although not the ones that Wendy's uses.

Re: Paranoid BS

[Lothsahn]

Then you haven't used modern, good quality biometric devices.

Biometric sensors from 10-15 years ago absolutely worked terribly. Modern ones perform very well, and have a much better experience. 10-15 years ago, the industry had 10-20% of the population that could not reliably use fingerprint readers due to temperature, humidity, worn fingerprints, skin color, no fingerprints, and many other factors. Now, we have between .1-1% of the population that cannot use the devices, and <1% of the biometric operations fail. We have had numerous people use modern sensors that were blown away at how well they operate compared to prior generations.

Lumidigm has an excellent such sensor. Check out a video of it here: https://www.youtube.com/watch?...

That video is not just a marketing gimmick. They absolutely work as shown in the video.

Note: I work in the biometric industry, but not on Wendy's time clocks.

Classy

[Impy+the+Impiuos+Imp]

Clase action, that's the one where lawyers get millions, the original handful of plaintiffs get about $30,000, and all the other class action members get a free fries coupon for their next Wendy's trip, right?